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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR LI 14, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on November 6, 2006 has been entered. 

Status of Claims 

AS per the amendment submitted on 1 1/6/2006, claims 5 and 43 have been amended and 
claim 6 has been canceled. Thus, claims 5, 7-12 and 43-50 remain pending. 

Response to Arguments 
Applicant's arguments with respect to the amended claims have been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 5, 7-12 and 43-50 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Guheen et al. (hereinafter Guheen), US 6,473,794 Bl in view of Foss et al. (hereinafter 
Foss), US 6,298,444 Bl. 
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Claims 5-12 

5. Guheen discloses a method for protecting a network server from being used as the basis 
of an attack on a network client, the method comprising (column 43, lines 34-67; column 248, 
lines 38-45) and restricting access to said network server to a portion of said network server for 
at least a selected protocol (column 17, directory services; column 276, line 34-277, line 24). 
Guheen does not explicitly disclose scanning said portion of said network server for particular 
characters, said particular characters being associated with said selected protocol and removing 
said particular characters such that a security risk posed by said selected protocol is reduced. 

Foss, however, discloses a data scanning network security system wherein portions of a 
network server are scanned for particular characters, said particular characters being associated 
with said selected protocol and removing said particular characters such that a security risk posed 
by said selected protocol is reduced (column 4, lines 5-50, column 5, lines 3-1 1 and lines 39-45, 
column 6, lines 20-25, column 7, lines 1-3, 48-59). Therefore, it would have been obvious to 
one of ordinary skill in the art at the time of the invention to modify Guheen' s network security 
system to include scanning of electronic data transfer to a server to ensure that harmful or 
unwanted characters do not enter a network, as per teaching of Foss (column 1, line 8-column 2, 
line 39). 

7. The method of claim 5, further comprising replacing said particular characters with benign 
characters such that a security risk posed by said selected protocol is reduced (column 272, line 
30-column 259, line 30). 
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8. The method of claim 5, wherein said characters are hostile characters and wherein if a request 
contains any of said hostile characters, the request is rejected (column 273, lines 16-34; column 
280, lines 19-39). 

9. The method of claim 5, further comprising logging said particular characters to form a security 
log (column 266, lines 12-21, column 268, lines 20-36, column 286, lines 13-58). 

10. The method of claim 9, further comprising reviewing said security log to determine whether 
said particular characters are hostile (column 43, line 34-column 44, line 8). 

11. The method of claim 5, wherein said protection of the network server is accomplished during 
an electronic purchase transaction (column 251, lines 34-36). 

12. The method of claim 11, wherein the electronic purchase transaction is conducted using a 
digital wallet (column 17, java wallet; column 261, lines 30-53). 

Claims 43-50 

43. Guheen discloses a computer-implemented method for protecting a network server from 
being used as the basis of an attack on a network client, the method comprising: a. receiving a 
request for a connection at said server from said network client (figure 87, 2613; receiving user 
indicia); d. verifying that any response from said network server to said network client is void of 
said particular characters (fig 88, 2700; allowing browser-based authentication with user 



Application/Control Number: 1 0/82 1,379 Page 5 

Art Unit: 3621 

verification data); and e. providing said response from said network server to said network client 
(fig 88, 2702; granting access to at least one of application and system data based on the user 
verification data). 

Guheen does not explicitly disclose scanning said portion of said network server for 
particular characters, said particular characters being associated with said selected protocol and 
removing said particular characters such that a security risk posed by said selected protocol is 
reduced. 

Foss, however, discloses a data scanning network security system wherein portions of a 
network server are scanned for particular characters, said particular characters being associated 
with said selected protocol and removing said particular characters such that a security risk posed 
by said selected protocol is reduced (column 4, lines 5-50, column 5, lines 3-1 1 and lines 39-45, 
column 6, lines 20-25, column 7, lines 1-3, 48-59). Therefore, it would have been obvious to 
one of ordinary skill in the art at the time of the invention to modify Guheen' s network security 
system to include scanning of electronic data transfer to a server to ensure that harmful or 
unwanted characters do not enter a network, as per teaching of Foss (column 1, line 8-column 2, 
line 39). 

44. The method of claim 43 further comprising restricting access to said network server for said 
protocol to said portion of said network server (column 17, directory services; column 276, line 
34-277, line 24). 

45. The method of claim 43 further comprising replacing said particular characters with benign 
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characters such that a security risk posed by said selected protocol is reduced (column 272, line 
30-column 259, line 30). 

46. The method of claim 43 wherein said protocol comprises JavaScript (column 34, lines 10- 
60). 

47. The method of claim 43 further comprising logging said particular characters to form a 
security log (column 266, lines 12-21, column 268, lines 20-36, column 286, lines 13-58). 

48. The method of claim 47 further comprising reviewing said security log to determine whether 
said particular characters are hostile (column 273, lines 16-34; column 280, lines 19-39). 

49. The method of claim 47 wherein said protection of the network server is accomplished 
during an electronic purchase transaction (column 251, lines 34-36). 

50. The method of claim 49 wherein the electronic purchase transaction is conducted using a 
digital wallet (column 17, java wallet, column 261, lines 30-53). 

Examiner has pointed out particular references contained in the prior arts of record in 
the body of this action for the convenience of the applicant. Although the specified citations 
are representative of the teachings in the art and are applied to the specific limitations within 
the individual claim, other passages and figures may apply as well. It is respectfully requested 
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from the applicant, in preparing the response, to consider fully the entire references as 
potentially teaching all or part of the claimed invention, as well as the context of the passage 
as taught by the prior arts or disclosed by the examiner. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure, US Patent 7,010,700 Bl to Foss et al. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Bradley B. Bayat whose telephone number is 571-272-6704. The 
examiner can normally be reached on Tuesday-Friday 8 a.m.-6:30 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Primary Examiner 
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